routing and nat problem

Discussion in 'Cisco' started by andrea.ferraris@gmail.com, Apr 3, 2006.

  1. Guest

    Hi,

    sorry if the question is silly, but I'm a newby.
    Any pointer and reference to useful docs to solve my trouble is welcome
    (it is, thx for RTFM and links).

    My problem is that our internal LAN 192.168.aaa.0/24 should change gw
    to allow Internet access. Before we go out by mean of a fortigate 60 fw
    that did NAT. Now
    we have to use our internal cisco 2600 direct connected to another
    cisco on a 10.X.Y.Z/25
    on the way to inet.

    I tried to do the following things:

    - changing default gateway:

    before on our 2600 config was

    ip route 0.0.0.0 0.0.0.0 192.168.aaa.bbb (the fortigate fw IP on our
    internal lan)

    now is

    ip route 0.0.0.0 0.0.0.0 10.AAA.BBB.CCC (the cisco IP direct connected
    to our router)

    - then I defined the natting this way:

    On the eth interface connected to the switch of our internal lan:

    "interface Ethernet0/0
    ip address 192.168.aaa.zzz 255.255.255.0
    ip nat inside"

    On the eth interface direct connected to the other router:

    "interface Ethernet0/1
    ip address 10.AAA.BBB.CCC 255.255.255.128
    ip nat outside"

    then

    "ip nat inside source list 1 interface Ethernet0/1 overload "

    and

    "access-list 1 permit 192.168.aaa.0" (our 192.168.aaa.0/24 lan)

    I think that maybe I missed some piece, because if I give the command
    show ip nat translations there are no output.

    Thanks to all replying people and best regards to everybody,

    Andrea
     
    , Apr 3, 2006
    #1
    1. Advertising

  2. Guest

    errata corrige:

    "interface Ethernet0/1
    ip address 10.AAA.BBB.CCC 255.255.255.128"

    has had been:

    "interface Ethernet0/1
    ip address 10.AAA.BBB.CCD 255.255.255.128"

    It is, that is not the same address of the interface of the gw router
    outside our lan.

    And then also the connectivity is OK, not only because I can ping the
    other router from the mine, but also because from my router I can
    traceroute to hosts on the 10.XXX.YYY.ZZZ net that I can only access
    because I connected to the other router.

    Andrea
     
    , Apr 3, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. zher
    Replies:
    2
    Views:
    9,238
  2. Andrew Albert
    Replies:
    1
    Views:
    4,034
    Rod Dorman
    Feb 8, 2005
  3. Sied@r
    Replies:
    3
    Views:
    8,619
    Sied@r
    Oct 20, 2005
  4. Paul

    NAT routing problem

    Paul, Mar 10, 2008, in forum: Cisco
    Replies:
    6
    Views:
    695
    warrensys
    Apr 21, 2008
  5. Luca

    NAT or routing problem...

    Luca, Nov 13, 2008, in forum: Cisco
    Replies:
    5
    Views:
    659
Loading...

Share This Page